You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2017/01/06 19:43:23 UTC
[2/2] shiro git commit: SHIRO-607: find the annotations on the types
as well
SHIRO-607: find the annotations on the types as well
Fixes: #54
Signed-off-by: Laszlo Hornyak <la...@gmail.com>
Signed-off-by: Brian Demers <bd...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/0aec3734
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/0aec3734
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/0aec3734
Branch: refs/heads/master
Commit: 0aec373400bd5306d75537c4a2edd31954bcd1d4
Parents: 98810db
Author: Laszlo Hornyak <la...@gmail.com>
Authored: Fri Dec 30 21:15:03 2016 +0100
Committer: Brian Demers <bd...@apache.org>
Committed: Fri Jan 6 14:42:16 2017 -0500
----------------------------------------------------------------------
.../AuthorizationAttributeSourceAdvisor.java | 16 +++++++++----
...AuthorizationAttributeSourceAdvisorTest.java | 24 ++++++++++++++++++++
2 files changed, 36 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/0aec3734/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisor.java
----------------------------------------------------------------------
diff --git a/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisor.java b/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisor.java
index b9deb2b..45fe713 100644
--- a/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisor.java
+++ b/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisor.java
@@ -63,7 +63,7 @@ public class AuthorizationAttributeSourceAdvisor extends StaticMethodMatcherPoin
}
/**
- * Returns <tt>true</tt> if the method has any Shiro annotations, false otherwise.
+ * Returns <tt>true</tt> if the method or the class has any Shiro annotations, false otherwise.
* The annotations inspected are:
* <ul>
* <li>{@link org.apache.shiro.authz.annotation.RequiresAuthentication RequiresAuthentication}</li>
@@ -90,9 +90,7 @@ public class AuthorizationAttributeSourceAdvisor extends StaticMethodMatcherPoin
if ( targetClass != null) {
try {
m = targetClass.getMethod(m.getName(), m.getParameterTypes());
- if ( isAuthzAnnotationPresent(m) ) {
- return true;
- }
+ return isAuthzAnnotationPresent(m) || isAuthzAnnotationPresent(targetClass);
} catch (NoSuchMethodException ignored) {
//default return value is false. If we can't find the method, then obviously
//there is no annotation, so just use the default return value.
@@ -102,6 +100,16 @@ public class AuthorizationAttributeSourceAdvisor extends StaticMethodMatcherPoin
return false;
}
+ private boolean isAuthzAnnotationPresent(Class<?> targetClazz) {
+ for( Class<? extends Annotation> annClass : AUTHZ_ANNOTATION_CLASSES ) {
+ Annotation a = AnnotationUtils.findAnnotation(targetClazz, annClass);
+ if ( a != null ) {
+ return true;
+ }
+ }
+ return false;
+ }
+
private boolean isAuthzAnnotationPresent(Method method) {
for( Class<? extends Annotation> annClass : AUTHZ_ANNOTATION_CLASSES ) {
Annotation a = AnnotationUtils.findAnnotation(method, annClass);
http://git-wip-us.apache.org/repos/asf/shiro/blob/0aec3734/support/spring/src/test/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisorTest.java
----------------------------------------------------------------------
diff --git a/support/spring/src/test/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisorTest.java b/support/spring/src/test/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisorTest.java
index 7c33d2f..5294f02 100644
--- a/support/spring/src/test/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisorTest.java
+++ b/support/spring/src/test/java/org/apache/shiro/spring/security/interceptor/AuthorizationAttributeSourceAdvisorTest.java
@@ -55,6 +55,19 @@ public class AuthorizationAttributeSourceAdvisorTest {
}
}
+ @RequiresAuthentication
+ interface SafeServiceInterface {
+ String someMethod();
+ }
+
+ static class SafeServiceImpl implements SafeServiceInterface {
+
+ @Override
+ public String someMethod() {
+ return "";
+ }
+ }
+
@Test
public void matches() throws NoSuchMethodException {
assertTrue(
@@ -79,6 +92,17 @@ public class AuthorizationAttributeSourceAdvisorTest {
ServiceInterface.class.getDeclaredMethod("unsecuredMethod"), ServiceImpl.class
));
+ assertTrue(
+ "the method declaration is in the interface with type-annotation, should match",
+ new AuthorizationAttributeSourceAdvisor().matches(
+ SafeServiceInterface.class.getDeclaredMethod("someMethod"), SafeServiceInterface.class
+ ));
+ assertTrue(
+ "the method declaration is in the interface with type-annotation, should match",
+ new AuthorizationAttributeSourceAdvisor().matches(
+ SafeServiceImpl.class.getDeclaredMethod("someMethod"), SafeServiceImpl.class
+ ));
+
}
}